Judy malware could affect over 36 million Android devices
Millions of Android devices could have been affected by a new auto-clicking adware program found in apps developed by a Korean company.
Uncovered last week by security company Check Point malicious apps included a series of casual cooking and fashion games under the 'Judy' brand.
They were able to evade the Play store's screening checks because the malware payload is downloaded from a non-Google server after the programs are installed. The code then uses the infected phone to click on Google ads, generating fraudulent revenue for the attacker. Once notified by Check Point, Google removed the apps.
The apps have seen a large number of downloads, however, between four and 18 million, meaning the total spread of the malware may have reached between 8.5 and 36.5 million users.
Commenting on the infection, David Emm, principal security researcher at Kaspersky Lab says, "The build-up of digital clutter means that app cleansing and updating are now more important than ever to combat malware that uses apps’ vulnerabilities to penetrate devices. However, the most important thing is still to protect the device itself by employing Internet security software and implementing regular updates."
Users are advised to have automatic updates set for their security software, backup data regularly, and change app settings to prevent apps gaining access to information on the device without the user being aware. Kaspersky also advises spring cleaning the device occasionally to get rid of any unused and unwanted apps.